Privacy Policy

Personal data protection charter 

IDO-DATA is a simplified joint stock company with a share capital of €11,220, whose registered office is located at MIX - 4 and 6 avenue Joannes Hubert 69160 Tassin-la-Demi-Lune, and registered in the trade and companies register under number 821 890 928 RCS LYON (hereinafter "IDO-DATA"). IDO-DATA is a company specialising in the design, development, manufacture and operation of objects connected to the Internet, as well as related digital services, enabling, in particular, the improvement of the safety of goods and people, decision-making and the optimisation of resource consumption.

As part of its activities, IDO-DATA has designed and developed a connected device, aimed at making the activities of water sports enthusiasts (paddle, kitesurf, kayak, small craft, etc.) safer, designed in collaboration with the Société Nationale des Sauveteurs en Mer, a French association of public utility, whose head office is located at 8, Cité d'Antin - 75 009 PARIS, identified under the SIRET number 77566502900184 (the "S. N.S.M."), and by Mr Philippe STARCK, whose company PHS General Design CSA, a company under Luxembourg law with a share capital of € 31,400, whose registered office is located at 31, rue du Fort Elisabeth L-1463 Luxembourg (Luxembourg), manager of the rights (the "DIAL Solution"). The DIAL Solution consists of a geolocatable bracelet to be worn by the User (the "Wristband"), connected to the "DIAL" application, available via mobile phone on the App Store or Google Play (the "DIAL Application"), allowing, following the purchase of Digital Use Credits, to transmit the position of said User to the emergency services, in case of activation of an alert on the Wristband. The specific functionalities of the DIAL Solution are detailed in the commercial brochure, which can be consulted on the website accessible at https://dial.snsm.support/ and/or all suffixes and/or access fields that refer to it, as well as in the precautions for use included in the specific instructions for use accompanying the sale of any Bracelet (the "Precautions for Use").

THE DIAL SOLUTION CONSISTS OF AN INDICATIVE HELP IN FINDING THE POSITION OF THE USER. IT CANNOT IN ANY CASE REPLACE THE NECESSARY SURVEILLANCE TO BE PROVIDED, IN ALL SITUATIONS, BY ANY LEGAL REPRESENTATIVE, SUCH AS FOLLOWING THE INSTRUCTIONS AND INSTRUCTIONS GIVEN BY RESCUE PROFESSIONALS IN SUPERVISED AREAS.

For IDO-DATA, the preservation of Users' personal data is important.

IDO-DATA undertakes to implement adequate measures for the protection, confidentiality and security of Users' personal data, in accordance with current European regulations, as issued by Regulation (EU) 2016/679 of the European Parliament. and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (the “RGDP”), and repealing Directive 95/46 / EC (general data protection regulation), and French, in particular the rules of national law applying the GDPR.

The purpose of this charter (the "Charter") is to inform and enlighten Users on the purposes of the collection and processing of their personal data by IDO-DATA, as data controller.

Users are therefore invited to read the Charter very carefully, to print it and keep a copy.

By using the DIAL Solution, the User accepts all the provisions included in the Charter relating to the collection and processing of their data, for the purposes explained below.

Users are required to provide their personal data in digital format when using the DIAL Solution.

1. Identity of the persons whose data is the object of collection and processing by IDO-DATA

As part of its operation of the DIAL Solution, IDO-DATA will collect and process the data of the following Users: The customer: who designates, following the purchase of a Bracelet, the holder of the corresponding User-account on the DIAL Application, in administration of the DIAL Solution, including registration prior to any use on the DIAL Application, the management of dedicated User-accounts, the designation of Referrals and the purchase of the Digital Use Credits required for the use of the DIAL Solution. The referent: who designates a referent appointed by the Customer, when registering on the DIAL Application and / or at any time, on this same DIAL Application, as a Referrer, following acceptance of this charge by the latter, during the periods activation of the Bracelet, under normal conditions of use or in alert mode. The Referent is the one who can follow the position of the User who is physically wearing the Bracelet, during these periods. It is his responsibility to transmit, via the DIAL Solution, the User's position to the emergency services, in the event of triggering of the alert mode or at any time, as soon as legitimate and sufficient elements indicate it. The physical wearer of the Bracelet: who designates the person who actually wears the Bracelet, within the framework of a given period of activity, and who can activate, in the event of an emergency or any other event justifying it, the mode of alert of the Referent, so that the latter can notify the emergency services. The customer, any referent and the physical wearer of the Bracelet being designated together above and below by the "Users", for the purposes of operating the DIAL Solution. These are the Users who are affected by the collection and processing of personal data determined below. 2. Categories of personal data collected User data that can be collected and processed by IDO-DATA may consist (without limitation) of the following data: a) Users' identity: title, surnames, first names, company name, address, number phone number (landline and / or mobile), e-mail addresses, age; b) data relating to means of payment: name of the banking establishment, nature of the bank card, without however including the bank card number and / or the cryptogram, billing e-mail address, billing address, statement of payment postal or bank identity, partial bank card numbers, expiry date of the bank card. The visual cryptogram of the Client User's bank card, collected once through the payment intermediary designated in Article 4 below (and not by IDO-DATA), following insertion by the Client User, for the needs transactions in the purchase of Digital User Credits required for the operation of the DIAL Solution. Said visual cryptogram must not be kept, in accordance with the regulations in force; c) data relating to the connection such as confirmation of registration and creation of user account (s), the identity of the Referrers active on each user account, the balance of Digital Credits of Current use; d) the geolocation data of the User who is the physical bearer of the Bracelet, only during the activation period of said Bracelet by the User, corresponding to a determined period of activity, excluding any profiling or systematic and regular monitoring outside this period; it being specified that without the activation of the Bracelet by the hand of the User, no geolocation data is collected by IDO-DATA, the decision to activate the Bracelet thus always reverting to the User concerned; e) data relating to the follow-up of the commercial relationship: documentation requests, test requests, bracelets purchased, services or orders, quantity, amount, frequency, delivery addresses, transaction numbers, history and details of purchases in Digital Use Credits made, product returns, origin of the sale (seller, representative, partner, affiliate), correspondence with the customer and after-sales service, discussions and comments from customers and prospects, person (s) in charge of customer relations; f) data relating to the payment of invoices: terms of payment, discounts granted, promotional codes, receipts, balances and unpaid bills that do not result in the exclusion of the person from the benefit of a right, a service or a contract subject to authorization by the Commission as provided for by the provisions of article 25-I-4 ° of the law of 6 January 1978 as amended; g) the data necessary for carrying out loyalty, prospecting, study, survey, product testing and promotion actions, the selection of people only resulting from the analysis of the data listed above; h) data relating to the organization and processing of contests, lotteries and any promotional operation such as the date of participation, responses to contests and the nature of the prizes offered; i) data relating to the contributions of people who post opinions on products, services or content, in particular their pseudonym; j) data collected through actions referred to in article 32-II of the amended law of 6 January 1978 (electronic communication services). 3. Principles applicable to the collection and processing of personal data Legal basis for the collection and processing of personal data Users' personal data is processed by IDO-DATA in the cases authorized by the regulations in force and under the following conditions: Obtaining a free, specific, informed and unequivocal consent from the User (or his legal representative in the event of minority or incapacity) to the processing of his personal data; Collection of personal data necessary for the execution of the User's request; Compliance with legal and / or regulatory obligations imposed on IDO-DATA (such as the fight against fraud and corruption); Protection of IDO-DATA's legitimate interests (such as protecting the security of its computer network). User browsing information applicable to the collection and processing of personal data When using the DIAL Solution or certain related services, certain data is collected automatically such as the geolocation of the User, the IP address , the reference of the navigation software used, the navigation data (date, time, content consulted, search terms used, etc.) or the references of the operating system. Among the technologies used to collect Users' personal data, in order to improve the quality of its service and better meet their expectations, IDO-DATA may have recourse to the use of cookies and tracers, as well as "sessions". php ”or equivalent, which store data, using a unique session ID. These sessions keep said data in memory for the users' browsing time. The data collected during browsing is deleted at the end of the browsing session on the DIAL Solution, by the User or, where applicable, within a maximum period of 13 months from their collection. Purposes of the collection and processing of personal data IDO-DATA collects and processes User data for the following purposes: to perform the functions of the DIAL Solution, namely an indicative help in finding the position of the User who is physically wearing the Bracelet, during the only period of activation of said Bracelet, by the latter, corresponding to a period of activity determined, for the purposes of prevention and safety of the User who is physically wearing the Bracelet during this same period, and of alerting the Referrer, in the event of an emergency or danger justifying it, following activation of the alert mode , always by the User who is the physical bearer of the Bracelet, so that said Referrer can prevent emergency services; for the needs of use, management of User-accounts, registration of new Users, maintenance, development and improvement of the DIAL Solution; for invoicing and communication to the payment intermediary designated in Article 4 below, for the needs of transactions for the purchase of Digital User Credits required within the framework of the operation of the DIAL Solution , by the Client User, without which the DIAL Solution cannot function; for IDO-DATA's communication and marketing needs, including more specifically the distribution of IDO-DATA's commercial offers in connection with the launch of the DIAL Solution, the sending and communication of newsletters and plans news ("newsletters"), informative or commercial alerts to wishing Users, to respond to solicitations and requests for information (online contact forms), in particular within the framework of polls, surveys and other invitations, in particular to discover the DIAL solution and legal download of the DIAL Application, to respond to job offers (personal data collected: name (s), first name (s), e-mail, phone number, CV, cover letters if attached, to disseminate via the DIAL Solution and / or all social and communication networks and / or all other IDO-DATA media and materials, whatever the form or nature, existing or future, comments and / or user reviews isers on said DIAL Solution and / or on IDO-DATA, for any measure or project falling more broadly in an objective of interest to Users or improvement of the relationship and the customer experience, to meet the requirements regulations in force or in the process of being adopted. Retention period of personal data The retention period of Users' personal data depends on the purpose concerned. In this context, Users' personal data is kept for the time necessary to fulfill their request. In the absence of any realization, personal data is deleted within the time limits recommended by the Commission Nationale Informatique et Libertés (CNIL), at the end of a period of three years from their collection on the DIAL Solution, subject to: legal possibilities and obligations in terms of archiving, obligations to store certain data for evidentiary purposes and / or to anonymize them. The personal data of any User, collected and processed for the purposes of carrying out offers are kept for the time necessary to manage the contractual relationship. By way of derogation, the personal data required to establish proof of a right or a contract are archived in accordance with legal provisions (5 or 10 years after the end of the commercial relationship as the case may be). 4. Recipients of the personal data collected The personal information collected is intended exclusively for IDO-DATA and is not the subject of assignment, transfer or exchange to third parties, other than for the operating needs of the DIAL Solution. . To this end, Users' personal data will be transmitted and processed by the following persons, for the following purposes: to the payment intermediary, for the purposes of transactions for the purchase of Digital User Credits required within the framework of the operation of the DIAL Solution, by the Client User. This payment intermediary is: Stripe Payments Europe, Ltd, The One Building, 1 Grand Canal Street Lower, Dublin 2, Co. Dublin, Ireland (IRELAND); to technical service providers for the storage of personal data collected, for data hosting needs, under the conditions of Article 5 below. Only authorized personnel of IDO-DATA and its service providers, for the purposes explained in Article 3 above, may have access to the personal data collected and be required to process them, without prejudice to their possible transmission to the bodies responsible. a control or inspection mission in accordance with the legislation and / or regulations in force or for the purpose of responding to a judicial or administrative decision. Subject to their perfect anonymization, IDO-DATA is founded, in compliance with the textual provisions in force, to use the personal data of the Users, in particular for statistical purposes, measurement, transfer and / or exchange for third. 5. Transfer of personal data The personal data of Users collected is hosted in France, as well as on servers located outside the European Union, via the host Pubnub, whose head office is located at 725 Folsom St - San Francisco, California 94107 (United States of America). Data controllers and processors may transfer data outside the European Union (EU) and the European Economic Area (EEA), provided that these transfers are supervised by using the various legal tools defined in chapter V of the GDPR. In this context, for transfers of personal data outside the European Union to be deemed justified, the controller must ensure that the appropriate measures have been put in place so that said personal data benefits from a sufficient and adequate level of protection. . In order to ensure a high level of protection for data transferred from European territory to third countries, organizations wishing to transfer data can thus use various tools, including the European Commission's decision on the adequacy of certain countries ensuring a level of protection. adequate (article 45 of the RGPD: https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre5#Article45). The adequacy decision constitutes the first legal framework tool, insofar as it is taken on the basis of an overall examination of the legislation in force in a State, in a territory or applicable to one or more sectors determined in the within that state. With regard to transfers of personal data from European companies to American companies, the United States of America has been recognized as adequate by the European Commission only for certain specific processing. In this context, the adequacy concerns transfers to American companies that have adhered to the Data Protection Shield, better known as the "Privacy Shield". These transfers do not require specific supervision. The Data Protection Shield is a self-certification mechanism for companies established in the United States which has been recognized by the European Commission as offering an adequate level of protection to personal data transferred by a European entity to companies. established in the United States. This mechanism is therefore considered to offer legal guarantees for such data transfers. Since August 1, 2016, the Data Protection Shield has entered into force. It is now possible to use it to transfer personal data to the United States, provided that the companies receiving the data have previously registered in the register maintained by the American administration. Beyond this formal obligation, American companies will have to respect the obligations and substantive guarantees provided for by the Privacy Shield. Before transferring personal data to a company based in the United States that claims to be Privacy Shield certified, European companies should ensure that the US company has active certification (certifications must be renewed annually) and that the certification covers the data in question. In order to verify if a certification is active and applicable, European companies should consult the Privacy Shield List which is published on the US Department of Commerce website (https://www.privacyshield.gov/welcome). The Pubnub company, which IDO-DATA uses, for the hosting needs of Users' personal data guarantees its adherence to the Data Protection Shield and undertakes to comply with all the resulting obligations, in its policy. Privacy Policy: https://www.pubnub.com/privacy-policy/ Following verification on the Privacy Shield List which is posted on the US Department of Commerce website (https://www.privacyshield.gov/ welcome), Pubnub is one of the companies with active and applicable certification, covering all data: https://www.privacyshield.gov/participant_search With regard to the active and applicable certification of Pubnub, this is considered validly certified under the Data Protection Shield. In support of the European Commission's declaration of adequacy for transfers of personal data from European companies to American companies having adhered to the Data Protection Shield, the transfers of Users' personal data to the Pubnub company, for the needs hosting of said personal data, are deemed to be justified. Our host Pubnub also guarantees its compliance with European GDPR regulations, both in its general policy, as well as in product security and the compliance of the Internet of Things (IoT), interconnection between the Internet and connected objects, including the DIAL Solution and Application. Learn more about Pubnub's GDPR compliance means: https://www.pubnub.com/products/security-overview/ https://www.pubnub.com/products/security/gdpr/ https: // www .pubnub.com / blog / ensuring-gdpr-compliance-for-pubnub-iot-deployments / 6. Protective measures put in place by IDO-DATA IDO-DATA collects and processes the personal data of Users, in compliance with the regulations in force. When the disclosure of a User's personal data to third parties is necessary and authorized, IDO-DATA ensures that these third parties guarantee said personal data the same level of protection as that implemented by IDO-DATA. In this context, IDO-DATA asks each of its contractual partners for confirmation of compliance with the applicable regulations. IDO-DATA implements technical and organizational measures to ensure that the storage of Users' personal data is secure for the period necessary for the exercise of the purposes pursued. IDO-DATA draws the attention of Users to the fact that no transmission or storage technology is completely foolproof. Also, in the event of a proven violation of Users' personal data, likely to create a high risk for the rights and freedoms of the latter, IDO-DATA will inform the competent supervisory authority of this violation in accordance with the procedures provided for by the regulations. in force. Users must exercise caution to prevent unauthorized access to their personal data and in particular to their computer and digital terminals (computer, smartphone, tablet in particular). 7. User rights In accordance with the regulations in force, Users have the following rights, subject to legal and regulatory limitations: Right to information on the collection and processing of personal data IDO-DATA undertakes to do its best efforts to ensure that the information communicated to Users is accessible, precise and transparent on the conditions for the collection and processing of their personal data. Right of access / right to erasure ("right to be forgotten") / right of rectification / right of opposition / right to limit processing Any User can, at any time, access the personal information held about him. by IDO-DATA. He has the right to receive a copy in electronic form (for any additional copy, IDO-DATA will be entitled to demand payment of fees based on the administrative costs incurred). Each User has the right to request the deletion and / or rectification of their personal data concerning them when they are incorrect or obsolete. IDO-DATA may retain certain personal data when required by law or in the event of a legitimate reason. Users may object at any time for legitimate reasons: to the use of their personal data, for direct marketing purposes, or to the reuse of their personal data for processing other than those listed in article 2 above, except in the event of execution, by IDO-DATA, of one of its legal and / or regulatory obligations. Users have the right to request that the processing carried out on their personal data be limited to what is strictly necessary. This right is applicable only: if the User concerned disputes the accuracy of his personal data; if the User concerned justifies that the processing of his personal data is unlawful and requests a limitation of their use rather than erasure; if IDO-DATA no longer needs the personal data of the User concerned and these are still necessary for the said User for the establishment, exercise or defense of legal claims; if the User concerned opposes the processing of his personal data based on the legitimate interest of the controller, justifying an overriding legitimate interest. Right of complaint to a supervisory authority Any User, who considers that the efforts implemented by IDO-DATA to preserve the protection of his personal data do not guarantee the respect of their rights, has the possibility of lodging a complaint. with the competent supervisory authority (CNIL or any other authority mentioned on the list available from the European Commission). Right to portability of their personal data Users benefit from a right to portability of their personal data, authorizing them to obtain said personal data concerning them from IDO-DATA, in a structured, commonly used and readable format.In this context, Users can request that their personal data be transmitted to another data controller. Right to decide the fate of personal data following death Users also have the right to organize the fate of their personal data after their death by adopting general or specific directives that IDO-DATA undertakes to respect. In the absence of such guidelines, IDO-DATA recognizes the possibility for heirs to exercise certain rights, in particular the right of access if necessary for the settlement of the deceased's estate and the right of objection. Exercise by Users of their rights In order to exercise their rights, any User can contact IDO DATA, using the following contact details: IDO-DATA Le MIX - 4 and 6 avenue Joannes Hubert 69160 Tassin-la-Demi- Lune support@dial.snsm.org Tel: +33 (0) 4 28 29 61 45 To help them exercise their rights, IDO-DATA informs Users that the CNIL has established and made available to them, on its website accessible at www.cnil.fr, models of letters. Before processing the Users' request (s), IDO-DATA will be able to verify their identity, asking them for any useful proof. IDO-DATA will respond to the requests of each User as soon as possible and in any case one (1) month from the justification, by the User in request, of his identity. In the event of the complexity of the requests and / or their number, this period may be extended by two (2) additional months, IDO-DATA undertaking in any event to inform the User concerned of the extension and the reasons for the postponement. 8. Modification of the Charter IDO-DATA reserves the right to make modifications to the Charter at any time, in order to comply with legislative and regulatory developments and / or to improve its data processing and protection policy. personal. In case of modification, a new version will be updated and put online with the date of "Last update". Any new version of the Charter must be subject to prior acceptance by the Users.